Overview

Score  Target                Platform
10     Static                static
1      modest-menu.exe       windows7-x64
10     modest-menu.exe       windows10-2004-x64
10     $TEMP/Advantage       windows7-x64
1      $TEMP/Advantage       windows10-2004-x64
1      $TEMP/Arrangements    windows7-x64
1      $TEMP/Arrangements    windows10-2004-x64
1      $TEMP/Auto            windows7-x64
1      $TEMP/Auto            windows10-2004-x64
1      $TEMP/Believe         windows7-x64
1      $TEMP/Believe         windows10-2004-x64
6      $TEMP/Concord         windows7-x64
1      $TEMP/Concord         windows10-2004-x64
1      $TEMP/Date            windows7-x64
1      $TEMP/Date            windows10-2004-x64
1      $TEMP/Dynamics        windows7-x64
1      $TEMP/Dynamics        windows10-2004-x64
1      $TEMP/Eco             windows7-x64
1      $TEMP/Eco             windows10-2004-x64
1      $TEMP/Enabling        windows7-x64
1      $TEMP/Enabling        windows10-2004-x64
1      $TEMP/F               windows7-x64
1      $TEMP/F               windows10-2004-x64
1      $TEMP/Fax             windows7-x64
1      $TEMP/Fax             windows10-2004-x64
1      $TEMP/Flow            windows7-x64
1      $TEMP/Flow            windows10-2004-x64
1      $TEMP/Inappropriate   windows7-x64
1      $TEMP/Inappropriate   windows10-2004-x64
1      $TEMP/Lobby           windows7-x64
1      $TEMP/Lobby           windows10-2004-x64
1      $TEMP/Maple           windows7-x64
1      $TEMP/Maple           windows10-2004-x64
General

Target: modest-menu.exe
Size: 1012KB
Sample: 240710-vjprjsygpn
MD5: eb02a51e3f0949663984ec3acf771d0d
SHA1: 06bb936fa0aadd1ec9824b4cd4462e48da12f830
SHA256: 9a36d26b871a2de4d30f8c70c27afadf739093eb00bdb54e43d1be0dd311514b
SHA512: 7d2415e41a55747bd860d7186348dd38aeb05e96c7227bde05046661101a4c829dedb86a37dbc86815bc1122d4270e432bc6d95deff751c92cb05532db1da342
SSDEEP: 24576:s4L2InzbTDtjGBuzvyhzoxEfDgMG4NPSpjWz9KMCel:SIzP5jWAvQM/8SpKBKzel
Tasks

Static task: static1

Behavioral task  Sample                Resource
behavioral1      modest-menu.exe       win7-20240705-en
behavioral2      modest-menu.exe       win10v2004-20240709-en
behavioral3      $TEMP/Advantage       win7-20240705-en
behavioral4      $TEMP/Advantage       win10v2004-20240709-en
behavioral5      $TEMP/Arrangements    win7-20240705-en
behavioral6      $TEMP/Arrangements    win10v2004-20240709-en
behavioral7      $TEMP/Auto            win7-20240704-en
behavioral8      $TEMP/Auto            win10v2004-20240709-en
behavioral9      $TEMP/Believe         win7-20240705-en
behavioral10     $TEMP/Believe         win10v2004-20240709-en
behavioral11     $TEMP/Concord         win7-20240708-en
behavioral12     $TEMP/Concord         win10v2004-20240709-en
behavioral13     $TEMP/Date            win7-20240708-en
behavioral14     $TEMP/Date            win10v2004-20240709-en
behavioral15     $TEMP/Dynamics        win7-20240708-en
behavioral16     $TEMP/Dynamics        win10v2004-20240709-en
behavioral17     $TEMP/Eco             win7-20240704-en
behavioral18     $TEMP/Eco             win10v2004-20240709-en
behavioral19     $TEMP/Enabling        win7-20240704-en
behavioral20     $TEMP/Enabling        win10v2004-20240709-en
behavioral21     $TEMP/F               win7-20240708-en
behavioral22     $TEMP/F               win10v2004-20240709-en
behavioral23     $TEMP/Fax             win7-20240705-en
behavioral24     $TEMP/Fax             win10v2004-20240709-en
behavioral25     $TEMP/Flow            win7-20240708-en
behavioral26     $TEMP/Flow            win10v2004-20240709-en
behavioral27     $TEMP/Inappropriate   win7-20240705-en
behavioral28     $TEMP/Inappropriate   win10v2004-20240709-en
behavioral29     $TEMP/Lobby           win7-20240708-en
behavioral30     $TEMP/Lobby           win10v2004-20240709-en
behavioral31     $TEMP/Maple           win7-20240704-en
behavioral32     $TEMP/Maple           win10v2004-20240709-en
Malware Config

Extracted: lumma
  https://answerrsdo.shop/api
  https://bouncedgowp.shop/api
  https://bannngwko.shop/api
  https://bargainnykwo.shop/api
  https://affecthorsedpo.shop/api
  https://radiationnopp.shop/api
  https://publicitttyps.shop/api
  https://benchillppwo.shop/api
  https://reinforcedirectorywd.shop/api
Targets

Target: modest-menu.exe
Size: 1012KB
MD5: eb02a51e3f0949663984ec3acf771d0d
SHA1: 06bb936fa0aadd1ec9824b4cd4462e48da12f830
SHA256: 9a36d26b871a2de4d30f8c70c27afadf739093eb00bdb54e43d1be0dd311514b
SHA512: 7d2415e41a55747bd860d7186348dd38aeb05e96c7227bde05046661101a4c829dedb86a37dbc86815bc1122d4270e432bc6d95deff751c92cb05532db1da342
SSDEEP: 24576:s4L2InzbTDtjGBuzvyhzoxEfDgMG4NPSpjWz9KMCel:SIzP5jWAvQM/8SpKBKzel
Signatures:
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext

Target: $TEMP/Advantage
Size: 55KB
MD5: f3583eb1e2b24f22b18f952ad2523c49
SHA1: 760c4d12bf291c1415415f588d9ec2304fb80568
SHA256: 808b624226e9d768b3a41ea917bfb099a069d71697ed51d347eedb173d3db6d7
SHA512: ef3b7dc30d939a5e5c04a60f454c76527d13009d5df669d926912bb521b81740a9a71eceb14b619d615b371583e87d93617400dad79bdc6a0ae14cf6b82a39f9
SSDEEP: 768:A8+sDkXLAlMoLVNIo8DJWxWWbP75qcaTlKWzhQVNsbSSkLQ7PqYIueIVvaOsibzA:M7bAlHL/4aj5Vf7gqYrui3A
Score: 1/10

Target: $TEMP/Arrangements
Size: 125KB
MD5: 2fed43e71c00e8ba4e4812ede092a3ad
SHA1: 91406ad8199c99047f0ff81886f16d3f96f82543
SHA256: f86f0c7901d3768d0240cac5fadb24ec3a70c478a8e241848d37003046bab22a
SHA512: e198076dd8f1b4c96997892c0b7afe9db23e72d9e376dd552159052e5d6bb3fbc7becf5c997a514652cf1a4b6d7737f197f2ac3227492aa7c436e9997dd04c2d
SSDEEP: 3072:mWN7SGgqOjOTDPNGBcmzoRQNur62OtIluMj:bRSGgqBDIBceur6ltIAMj
Score: 1/10

Target: $TEMP/Auto
Size: 19KB
MD5: 3be4b5a402fea1d46b93cc10075bddd2
SHA1: 9dad39e5e5f7309cb68d39bd9f14b18101b15d88
SHA256: 6e8f655876670322b0acf1a1b2868de0636908fcfd8823c02d738d13519a1d12
SHA512: d8b437b9f7a383034efd0fccee841f4ac2291ca0df2016143d1786d09943c12e5bf63a8c735f88a7ed52baed4d40be90013021f635e9ac93c8d996a93b2c5d51
SSDEEP: 384:86XtasmC84Ll9iRrNXxdB1gv4PSTNVvmQXPMYSckSllpFC/0vB9Kr6dVo9x:LXtiC84Ll9iRfdB1gpjXgckS9cAXKOde
Score: 1/10

Target: $TEMP/Believe
Size: 39KB
MD5: 02ead0c9858044ac35199230cb3ab139
SHA1: 2ff088e0f73dcf1e1e4d4e1b4acc6b63febb909a
SHA256: d185919875ba821f92e14e46344ae96e343cf41f19d8f46a23589ab78538c8ea
SHA512: eb3008b7019ee3cc66a51abb469dc752aaebc684894b4db975131eb9d793c96c1f841c2d56d6366d1f3e28897c03aeb337838169df96ff37fe91dcc2da4f741f
SSDEEP: 768:V1xEte07EWGnikscax2OCkQuG4ypQ9Fsqib9futLZzWaIxyKw7nB:V1uYtWGJG2kQyyy9FskzWaIxOd
Score: 6/10
Signatures:
- Drops desktop.ini file(s)
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory

Target: $TEMP/Concord
Size: 37KB
MD5: 9e54cd35059c72e43735836dda986f5d
SHA1: 617554bb3ff29716b67caf1284d819866b82af86
SHA256: cb8165bc704dbbd8532b8fc8e39d8902e421640229134853316dddd27304440f
SHA512: 0f6cd020025c437e6692e350c5645446a528a17f60f1376cc5943d594fe34a16dc3b06e11528c57aae8d89f49168e0a26f0f263c693e52d4b82fc3048dda6ce5
SSDEEP: 768:iYTrIx+I0IKQ8SbkXhdqgWWwr2G+jvEHHzR3Sh0:lHIx10IKQ8SoXTqgWVrZ+Int3S2
Score: 1/10

Target: $TEMP/Date
Size: 23KB
MD5: 691d085c47ae40840542b9d4796ec6de
SHA1: edef6c2afdfd011a8a856d046f9c2b56c14f24d5
SHA256: a4deefffa64a55b9ea4aaec7193f08adcaf634de875b725d63923cb8afdc8533
SHA512: 55c9618d4cf477f84f165852e70c0d7a37f635345a826c456f912221d394cf6b4bf42e40f8c492272dbf1dd48d6977b239af6dde02539856877d481704f16188
SSDEEP: 384:m7f6zNGB0toYwquY2nLAyH9JRWwPC4HwS9dDY9Qz7IMJy92HbAYjL52ykPAOzUoZ:O6zNGB0toYyncyH9JRpHbDYA22HbbjNY
Score: 1/10

Target: $TEMP/Dynamics
Size: 18KB
MD5: a55fe7301a8331c3e202bbb350837c51
SHA1: a55c84023ff48af7ffdc229db28f45334d5f36a5
SHA256: bc8c60c912824deba76b5815c73272bf15b5a1a625a65a31015a03fb2b921f7d
SHA512: 5d34b2b029e2d22ffdc90f56d561823e3eeeecb910b5742add387b78a438797c005177ce04718ec7c46d3558d56e8bf5a7129f995aa1d8eef94f300632b0f312
SSDEEP: 384:5NQ6tDlK5amvTsCVjBkgMpRje6TtgguvVtLo/r/H:5iwDIUKo+jBAfe6TtgguvC
Score: 1/10

Target: $TEMP/Eco
Size: 92KB
MD5: d52d093c2ad11a7fa8caa82118312324
SHA1: ead4b9d075e88e48a1de94b69b19e113476be660
SHA256: 073569dd893fae4c511183289f63a86364d404eb9203f9f0520c604590808c06
SHA512: b311bb24344dd9829139c6784595c898e9abef230a3b965d0127e84c7c4d25e880df3e1cc6030c406da84a5ea2e806ffe6cbfb6f75563a4ea077c2fa4c5f207e
SSDEEP: 1536:4IL8TRtqM0kwYW/H+XMBZS/fgoWfsoeysHpbMFBTtnIv1oYs2ioWZFNX5uUuIwP7:4IURt90kw5WCS/ooWfstFBM/TtI9o32v
Score: 1/10

Target: $TEMP/Enabling
Size: 26KB
MD5: b8eeb773052aa634fcda25c6a74633de
SHA1: 576f435cadcd3ae2d366a32e562e7a64ec0e7d8b
SHA256: 98687cff8ff2bf7de91bf8ba6d59906590e95451b6d178e61020bb1320217924
SHA512: 32de3b2412540841f021d214dc6c2106dcb71b4c876625423cecd6d7f522ebb42b4c570364385c5dcacfffdce6c45536e131bfcf1119e459219e5413a99f871d
SSDEEP: 192:mtlernjuPzQ0nMi4BA48PQh+NEpCarucTE6QZSSYA13KcqIb/rvOz:FDj21naB3pMygarucTQ0Snh3HvOz
Score: 1/10

Target: $TEMP/F
Size: 38KB
MD5: 14816518caf15aaa457c24cdba7533b4
SHA1: bff3122a80f5d9c60b9d8b6dbc12e8177abd3418
SHA256: 7f6b87bec48a8bc8723104f0e7e49a615a57aae92b17c408b89b402530b0b231
SHA512: 4b8480052ac524085f8d0e75c7b4b6071b36772df14519ee7e1b77562913472c926cdd34845754665609506972ff25401eeb9d1b905ad9ec9fb1965c1cef894c
SSDEEP: 768:kiReINDpWPIDJ0vLyktlgwYtfKUGabl8UvrcyzJs/:kinN8PsJitgXKUvl8UTcyzJA
Score: 1/10

Target: $TEMP/Fax
Size: 91KB
MD5: 10c3f393a193fc3a75571e32bc9a7af4
SHA1: 1df5d1158c697b1f519cfac40b9c0279c82b5605
SHA256: 5d26906575ef47159261b4272255a707ed22a48a85a93a1a139d2b485af66e67
SHA512: 490b8b5cd6a43de1627af4e6cd02032315cf8123c3d6f43f2c188e7e0bfc3bb3caeeb016e08ab9e21ef592e9d8150a0e0140d2159e556c5f13f53e658f4c0afb
SSDEEP: 1536:AUSIcx7ftsr/M/FSLJwECNWftnyxzbOvoL19VkJaTucxWCyN+trGrFftxclNm2Uq:zSlx7ajaSLatNStL6N03/x+rGrFtOjZx
Score: 1/10

Target: $TEMP/Flow
Size: 67KB
MD5: 4d208ce6b834f65cfbd5003a33eb0885
SHA1: 1aaa9d411b90df88b7606784485897985ddbb25c
SHA256: c3479095c5afe1d7c66a07f386d2c498f8b7faacad022dd24d8b6c15cf0af0a4
SHA512: e1a31eae919358ba1fbbfe6a0af7b5fc9bff2e81ed38d02747a81e120fb16a85318f3dee15f6c5152a3e43d8745daeb5d260e590909c262017ef472269dc2acd
SSDEEP: 1536:60Hikj06LDykFIcizp97bA3EKNcpzjIqIinTglynkQ3+EX0eoP:60V06pijcE9pzjIqnnTJkQ3+1
Score: 1/10

Target: $TEMP/Inappropriate
Size: 51KB
MD5: 7e83454195c83b0961b1741fa29369b5
SHA1: 3d85e2d801065a81dfcca89c6a1b10dd84e83de1
SHA256: 4e1750b70791ca81d57049a3cedc97cc7a843c5de5f5d9ed156dbdd516e45675
SHA512: 8cf03c11d946ce298dfe76901387a6a43da09c01f97d9895c708ff3cfd241bd274094b41be3dcc2bf56aefa3b22446ec3b9f06a169fc9b553a58bc6259e56d8e
SSDEEP: 1536:bCJ5h3FsoejQ1/9klkp5VLGEDuaiC7v8xV96A6:of3qoT1/Qkp5IKuLuv8xVT6
Score: 1/10

Target: $TEMP/Lobby
Size: 32KB
MD5: 9cc46881959800f39ad3fa31fddc5e9b
SHA1: 99af6c1a963382061014ae0c8e0057e75227c19b
SHA256: 3e4f9cf22f35fb57cc0d98ed3f396c72bebfe64c645c670ff74d96ae5b4ba6e0
SHA512: 96084f42f0d35211516c92ffea4f1095412e25e672fa2218d767186e77519dd1965bb21ddb3b06823a3c1578ac84e3df7a53094e49a498591bfea8875d8e4db4
SSDEEP: 768:Qb3jsJhQlEF2VVay1N5J3SoO6Qku2ox3hOk3Hsu1iz0:QbgjQWq8GV3jOTJh1Xl20
Score: 1/10

Target: $TEMP/Maple
Size: 144KB
MD5: d99951681ca785e10c3dcf0eda9289a2
SHA1: 3014fa710fbf5b0c0f11f744a5767958fa09d379
SHA256: 02016b08121445b1138c60d0cb7b4624dc5ffad5986349c00fc28963b4a1c29a
SHA512: eac57095aa4f8cccf076d39735a2e4a0d695fcc3ea344d941809b0080f6df1c01cc7f36eb2070de91460a176e5aeb194009fdb08a773572221c47087d80be9ac
SSDEEP: 3072:49AUStK7MXevssqxN62PVU1EkmX9RKonCWspNXS8+fKjY/Jglz+vgCltL1FR05xn:oAUStK7MXaCxN6mU2kTo2pNXSv2Y/Jvy
Score: 1/10